Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cureit Came up with message HOSTS file changed.


  • Please log in to reply
3 replies to this topic

#1 mrh2opro

mrh2opro

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Just north of Detroit
  • Local time:12:44 AM

Posted 28 January 2010 - 01:36 PM

I ran Dr. Web Cureit in normal mode today and it came up with a message that "the HOSTS file had been changed. Would you like to revert to default HOSTS file? This may be an indication of malware"... or something real close to that. However, it didn't find any viruses. I run PC Shield resident, and every couple of days I run Malwarebytes and SUPERantispyware, and they all come up clean as well. I did load SpyBot back on a couple of days ago, could that have done the modification? I've also been using Chrome vs IE or Firefox. My PC has been very sluggish lately, as well, at least when using the internet.

Any thoughts?

THanks

Tom


EDIT: Move to more appropriate forum

Edited by garmanma, 28 January 2010 - 10:37 PM.


BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:44 AM

Posted 28 January 2010 - 08:03 PM

As far as the hosts file goes it is located here. C:\WINDOWS\system32\drivers\etc Spybot adds an extended list of things to the hosts file as part of the immunize option.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 MrBruce1959

MrBruce1959

    My cat Oreo


  • BC Advisor
  • 6,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, Connecticut. in the USA
  • Local time:12:44 AM

Posted 28 January 2010 - 09:57 PM

A change to the hosts files does not mean you have a VIRUS.

You can use Microsoft's "autoruns" from this link http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

To find out more about whats happening with your machine

Edited by MrBruce1959, 28 January 2010 - 10:03 PM.

Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 37 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:44 AM

Posted 29 January 2010 - 02:10 PM

Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system. There are several legitimate security programs like SpySweeper, STOPzilla, Spybot S&D, etc which can add numerous entries to the HOSTS file and that action may be detected as a change. If you downloaded and used a custom HOSTS file or made edits to it, doing so could also trigger a change detection by security scanners which monitor that file. If you did not make any changes or do not have security programs with these features, then you need to investigate what the changes are. Since you say you have Spybot install, see Spybot S&D: HOSTS file viewer.

To view the folder containing your Hosts file, go to Posted Image > Run..., and in the Open box, type:
%windir%\system32\drivers\etc\
Click Ok.

The easiest way to access and view the contents is by using Notepad.
  • Double-click on the HOSTS file.
  • A message will appear saying Windows can't open the file or Choose the program you want to open this file.
  • Scroll down the list of programs until you see Notepad.
  • Select it and click OK.
To view the Hosts file in Notepad automatically, go to Posted Image > Run..., and in the Open box, type:
notepad %windir%\system32\drivers\etc\hosts
Click Ok.

Edited by quietman7, 29 January 2010 - 02:11 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users